Call us at 888.368.2463    CONTACT US
 Back to Blog

7 Steps to Nonprofit Risk Management

Nonprofits face risk on all sides. In a March 2016 report, Oliver Wyman and SeaChange Capital Partners list some of the difficult conditions under which nonprofits must operate. Among these are:

  • Tackling society’s hardest problems
  • Limited funding
  • Increasing costs for services
  • Recruiting and retention
  • Ever-changing operating environment

These experts conclude, “It is no surprise that many nonprofits are always living close to the edge.”

Away from the edge: How to mitigate risk

Clearly, it’s impossible to avoid all risk. To do so would be to close your doors—which would leave the people or causes you serve more vulnerable than they already are. The best thing you can do is to manage the inevitable risk. KnowHowNonprofit.org, which provides community-made advice and support for nonprofit organizations, offers a seven-step risk management process.

1. Identify your risks. The British-based Charity Commission recommends that you review risks under the headings of governance, external, regulatory, financial, and operational. These classifications can be used as a framework, as you think about the risks in relation to each of your strategic objectives.

2. Analyze the risks. This involves giving a score for the likelihood of occurrence and impact of each risk on your organization:

a. Likelihood is rated on a 1 (rare) to 5 (certain) scale.

b. Impact also uses a 1 to 5 scale, with 1 being insignificant and 5 being major. Measuring impact also considers the possible consequences if a risk occurs, such as the impact on service and reputation, possible complaints, and chances for litigation.

The initial risk score is calculated by multiplying the impact score by the likelihood score. This gives you a level of risk (low, medium, high) and the corresponding level within your organization that should take action (staff, management, or board).

3. Prioritize the risks. Use your risk rating score to identify which risks to address. A cutoff point can be helpful here—a level above which you’ll manage the risk and below which you won’t. You may decide, for example, to manage the top five risks or those that score six points or more.

4. Determine your risk appetite. How much risk are you willing to accept to pursue your objectives? This might change depending on the activity. In this step, consider the top 10 risk you’re managing. For each,

5. Reduce and control the risks. You want to control the level of each risk to an acceptable level. Your board should work with the people who “own” the risk to consider all the controls that are in place to reduce its likelihood or impact. After listing these controls, you can re-score the likelihood and impact of that risk to determine a residual risk score.

6. Give assurance. Make sure these controls are performing as expected. You can ask the risk “owner” to periodically confirm that the controls are effective. Internal or external auditors can also provide this assurance.

7. Monitor and review risks. Risks are always evolving, so the way you manage them will also change. Thus, it’s good practice to tie the monitoring and review process to your strategic and operational planning. You may choose to do an in-depth review of a specific risk at each board meeting, which gives trustees a detailed understanding of your risks and controls—and helps assure them that risk is being effectively managed.

Mitigating risk with technology

Risk management, in large part, is about control. That’s where cloud fund accounting software such as Sage Intacct can help. It decentralizes the planning and control process, so you can achieve a granular level of accuracy. Setting budgets for each event, campaign, program, and funder—and then tracking the actuals—creates tighter controls and helps prevent unexpected outcomes.

Another excellent risk management strategy is relying on the nonprofit technology experts at JMT Consulting. We help deliver the financial, development, and productivity solutions that you need to manage risk and achieve mission success. Want to learn more? We’re only a phone call or email away.

Related Posts:
A Nonprofit’s Guide to Government Compliance
May 14, 2018
A Nonprofit’s Guide to Government Compliance

Compliance is a hefty responsibility for nonprofit organizations; indeed, more so than for-profit companies. As the firm Harbor Compliance points out, there’s a good reason for that—nonprofits are exempt from federal corporate taxes and can receive public funding. Both the IRS and states have requirements for nonprofits. The penalties for noncompliance can be severe. A…

Communication Service for the Deaf; A Sage Intacct Success Story
October 2, 2017
Communication Service for the Deaf; A Sage Intacct Success Story

Communication Service for the Deaf (CSD) is a 501c nonprofit organization based in the United States and New Zealand, providing a plethora of services to the deaf.  They recently worked with JMT Consulting Group to enhance their financial management solution by implementing Sage Intacct and Nexonia.  We recently sat down with Brad Hermes, CFO and…

What’s wrong with your chart of accounts and the solutions you need to make it right
April 21, 2017
What’s wrong with your chart of accounts and the solutions you need to make it right

In the most basic terms, a Chart of Accounts (COA) gives a complete listing of every account in your accounting system. To a nonprofit financial manager or controller, a chart of accounts is much more than that. Your chart of accounts is the framework that gives insight into your nonprofit organization’s financial health. If well-designed,…

Skating The Edge Between Risk and Reward at Your Nonprofit
March 5, 2019
Skating The Edge Between Risk and Reward at Your Nonprofit

Every nonprofit faces risk, but it doesn’t have to be a liability. Learn to take a holistic view of risk and use the unexpected to your advantage. What if your funding was cut by half overnight? It might sound impossible, but given the precarious financial situation most nonprofits face, it’s a very real risk. You…

 Back to Blog